Information security interaction method and device

Document No.: 1889394. Publication date: 2021-11-26.

Reading note: this technology, Information security interaction method and device (一种信息安全交互方法及装置), was designed by 杨晶涵, 于金楠, 李戎, 范琪, 郑晓雪 and 邱存月 on 2021-08-27. Main content: The application provides an information security interaction method and device, relates to the field of information security, and can also be used in the financial field. The method comprises: performing a primary information query according to a first information query request sent by a query requester, and generating an information query request number; sending the information query request number to the query requester so that the query requester generates an information query request credential according to the information query request number; and performing a secondary information query according to a second information query request sent by the query requester and the information query request credential, and sending the secondary information query result to the query requester. The application can perform secure information queries according to the information query request and the information query request credential sent by the query requester.

1. An information security interaction method is characterized by comprising the following steps:

performing primary information query according to a first information query request sent by a query requester, and generating an information query request number;

sending the information query request number to the query requester so that the query requester generates an information query request credential according to the information query request number;

and performing secondary information query according to a second information query request sent by the query requester and the information query request credential, and sending a secondary information query result to the query requester.

2. The information security interaction method according to claim 1, wherein the first information query request includes an information query condition and a first query request server address, and the performing of the primary information query according to the first information query request sent by the query requester and the generating of the information query request number includes:

generating the information query request number according to the information query condition and the first query request server address;

performing primary information query according to the information query condition, and generating a primary information query result;

and associating and storing the information query request number and the primary information query result.

3. The information security interaction method according to claim 2, before performing the second information query according to the second information query request sent by the query requester and the information query request credential, further comprising:

and determining whether the second information query request and the information query request credential meet preset information query request conditions.

4. The information security interaction method of claim 3, wherein the second information query request includes a query expiration time, a second query request server address and the information query condition, and the determining whether the second information query request and the information query request credential satisfy a preset information query request condition includes:

determining whether a current system time exceeds the query expiration time;

if not, determining whether the address of the second query request server is consistent with the address of the first query request server;

if yes, determining whether the information query condition exceeds a preset information query condition legal range;

if not, determining whether the information query request credential is legal.

5. The information security interaction method according to claim 2, wherein the second information query request includes the information query request number, and the performing of the second information query according to the second information query request sent by the query requester and the information query request credential and sending the result of the second information query to the query requester includes:

searching the primary information query result according to the information query request number;

and sending the primary information query result as the secondary information query result to the query requester.

6. The information security interaction method according to claim 2, wherein the second information query request includes the information query request number, and the performing of the second information query according to the second information query request sent by the query requester and the information query request credential and sending the result of the second information query to the query requester includes:

searching the primary information query result according to the information query request number;

performing secondary information query according to the primary information query result to obtain a secondary information query result;

and sending the secondary information query result to the query requester.

7. An information security interaction device, comprising:

the request number generation unit is used for carrying out primary information query according to a first information query request sent by a query requester and generating an information query request number;

a request credential generating unit, configured to send the information query request number to the query requester, so that the query requester generates an information query request credential according to the information query request number;

and the information query unit is used for carrying out secondary information query according to the second information query request sent by the query requester and the information query request credential and sending a secondary information query result to the query requester.

8. The information security interaction device according to claim 7, wherein the first information query request includes an information query condition and a first query request server address, and the request number generation unit includes:

a request number generation module, configured to generate the information query request number according to the information query condition and the address of the first query request server;

the primary information query result generation module is used for performing primary information query according to the information query conditions and generating a primary information query result;

and the association module is used for associating and storing the information query request number and the primary information query result.

9. The information security interaction device of claim 8, further comprising:

and the query request condition judging unit is used for determining whether the second information query request and the information query request credential meet preset information query request conditions.

10. The information security interaction device of claim 9, wherein the second information query request includes a query expiration time, a second query request server address, and the information query condition, and the information query unit includes:

a query expiration time determining module, configured to determine whether the current system time exceeds the query expiration time;

an address determining module, configured to determine whether the second query request server address is consistent with the first query request server address;

a query condition legality determining module, configured to determine whether the information query condition exceeds a preset legal range of information query conditions;

and a request credential validity determining module, configured to determine whether the information query request credential is legal.

11. The information security interaction device of claim 8, wherein the second information query request includes the information query request number, and the information query unit includes:

the searching module is used for searching the primary information inquiry result according to the information inquiry request number;

and the sending module is used for sending the primary information query result as the secondary information query result to the query requester.

12. The information security interaction device of claim 8, wherein the second information query request includes the information query request number, and the information query unit includes:

the searching module is used for searching the primary information inquiry result according to the information inquiry request number;

the query module is used for carrying out secondary information query according to the primary information query result to obtain a secondary information query result;

and the sending module is used for sending the primary information query result as the secondary information query result to the query requester.

13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method for secure interaction of information according to any one of claims 1 to 6 are implemented when the program is executed by the processor.

14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for secure interaction of information according to any one of claims 1 to 6.

Technical Field

The application relates to the field of information security, can be used in the field of finance, and particularly relates to an information security interaction method and device.

Background

In an era in which the internet is widely used, the continuous application of new technologies drives the operation and development of the national economy and society. With continuous innovation in financial technology and the rapid spread of online banking, more and more government departments, enterprises and institutions release their own online financial products and provide convenient online financial services to customers.

Banks, as the main providers of online financial services, may have a large number of information interaction processes with government departments, enterprises and institutions, and business scenarios involving the exchange of customers' personal information are not rare. If a customer's personal information is hijacked during such an interaction, the customer's privacy is exposed; this can cause the customer serious financial and other losses and can also damage the bank's reputation and image. Banks are therefore responsible for protecting the security of customers' personal information when providing, acquiring and using it.

In the prior art, banks mainly adopt basic information security measures such as private line access, data desensitization, data encryption and digital signatures when exchanging customers' personal information with government departments, enterprises and institutions, so as to reduce the risk of leaking that information. However, these conventional information security measures cannot clearly limit the scope of use of customers' personal information, and cannot provide traceable management of access to and acquisition of that information. Once a customer's personal information is leaked, or the customer does not acknowledge that the information was used, it is difficult to define the responsibility of the two interacting parties.

Disclosure of Invention

Aiming at the problems in the prior art, the application provides an information security interaction method and device, which can perform security information query according to an information query request and an information query request certificate sent by a query requester.

In order to solve the technical problem, the application provides the following technical scheme:

In a first aspect, the present application provides an information security interaction method, including:

performing primary information query according to a first information query request sent by a query requester, and generating an information query request number;

sending the information query request number to the query requester so that the query requester generates an information query request credential according to the information query request number;

and performing secondary information query according to a second information query request sent by the query requester and the information query request credential, and sending a secondary information query result to the query requester.

Further, the first information query request includes an information query condition and a first query request server address, and the performing of the primary information query according to the first information query request sent by the query requester and the generating of the information query request number includes:

generating the information query request number according to the information query condition and the first query request server address;

performing primary information query according to the information query condition, and generating a primary information query result;

and associating and storing the information query request number and the primary information query result.

Further, before performing the second information query according to the second information query request sent by the query requester and the information query request credential, the method further includes:

and determining whether the second information query request and the information query request credential meet preset information query request conditions.

Further, the determining whether the second information query request and the information query request credential satisfy a preset information query request condition includes:

determining whether a current system time exceeds the query expiration time;

if not, determining whether the address of the second query request server is consistent with the address of the first query request server;

if yes, determining whether the information query condition exceeds a preset information query condition legal range;

if not, determining whether the information query request credential is legal.

Further, the second information query request includes the information query request number, and the performing of the secondary information query according to the second information query request sent by the query requester and the information query request credential and the sending of the secondary information query result to the query requester includes:

searching the primary information query result according to the information query request number;

and sending the primary information query result as the secondary information query result to the query requester.

Further, the second information query request includes the information query request number, and the performing of the secondary information query according to the second information query request sent by the query requester and the information query request credential and the sending of the secondary information query result to the query requester includes:

searching the primary information query result according to the information query request number;

performing secondary information query according to the primary information query result to obtain a secondary information query result;

and sending the secondary information query result to the query requester.

In a second aspect, the present application provides an information security interaction device, including:

the request number generation unit is used for carrying out primary information query according to a first information query request sent by a query requester and generating an information query request number;

a request credential generating unit, configured to send the information query request number to the query requester, so that the query requester generates an information query request credential according to the information query request number;

and the information query unit is used for carrying out secondary information query according to the second information query request sent by the query requester and the information query request credential and sending a secondary information query result to the query requester.

Further, the first information query request includes an information query condition and a first query request server address, and the request number generating unit includes:

a request number generation module, configured to generate the information query request number according to the information query condition and the address of the first query request server;

the primary information query result generation module is used for performing primary information query according to the information query conditions and generating a primary information query result;

and the association module is used for associating and storing the information query request number and the primary information query result.

Further, the information security interaction device further includes:

and the query request condition judging unit is used for determining whether the second information query request and the information query request credential meet preset information query request conditions.

Further, the second information query request includes query expiration time, a second query request server address, and the information query condition, and the information query unit includes:

a query expiration time determining module, configured to determine whether the current system time exceeds the query expiration time;

an address determining module, configured to determine whether the second query request server address is consistent with the first query request server address;

a query condition legality determining module, configured to determine whether the information query condition exceeds a preset legal range of information query conditions;

and a request credential validity determining module, configured to determine whether the information query request credential is legal.

Further, the second information query request includes the information query request number, and the information query unit includes:

the searching module is used for searching the primary information inquiry result according to the information inquiry request number;

and the sending module is used for sending the primary information query result as the secondary information query result to the query requester.

Further, the second information query request includes the information query request number, and the information query unit includes:

the searching module is used for searching the primary information inquiry result according to the information inquiry request number;

the query module is used for carrying out secondary information query according to the primary information query result to obtain a secondary information query result;

and the sending module is used for sending the primary information query result as the secondary information query result to the query requester.

In a third aspect, the present application provides an electronic device including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the information security interaction method when executing the program.

In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, performs the steps of the information security interaction method.

In view of the problems in the prior art, the information security interaction method and device provided by the application can provide an information query service to the query requester in a "two-way handshake" manner; can securely verify the legality of the query requester's information query request by generating an information query request credential during the query; can provide traceable management of whether the information query request is legal; and can control the scope of use of the client's personal information at the level of the two parties' interaction, ensuring the security of the client's personal information online and effectively preventing its leakage.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

FIG. 1 is a flowchart of an information security interaction method in an embodiment of the present application;

FIG. 2 is a flowchart illustrating the generation of an information query request number according to an embodiment of the present application;

FIG. 3 is a flowchart illustrating an embodiment of the present application for determining information query request conditions;

FIG. 4 is a flowchart illustrating a second information query process according to an embodiment of the present application;

FIG. 5 is a second flowchart illustrating a second information query process according to an embodiment of the present application;

FIG. 6 is a block diagram of an information security interaction device according to an embodiment of the present application;

FIG. 7 is a structural diagram of a request number generation unit in the embodiment of the present application;

FIG. 8 is a block diagram of an information query unit in an embodiment of the present application;

FIG. 9 is a diagram of one of the structures of an information query unit in the embodiment of the present application;

FIG. 10 is a second block diagram of an information query unit according to an embodiment of the present invention;

FIG. 11 is a schematic structural diagram of an electronic device in an embodiment of the present application;

FIG. 12 is a schematic diagram illustrating a business process in an embodiment of the present application;

FIG. 13 is a second schematic view of the business process in the embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The information security interaction method provided by the application can be used in a business scene of customer personal information interaction. The business scenario comprises at least two participants, one is an information inquiry requester, and the other is an information inquiry service provider. The typical query requester may be a government agency, a financial center, or a third-party financial service providing platform, and the provider of the information query service may be a bank or other financial institution, which is not limited in this application.

The provider of the client's personal information is responsible for protecting the security of that information when acquiring, providing and using it. In the prior art, basic information security measures such as private line access, data desensitization, data encryption and digital signatures are adopted to protect the client's personal information, but they cannot clearly limit the scope of use of that information, and its use cannot be traceably managed. When a client does not acknowledge the scope in which the personal information was used, or does not acknowledge having authorized the use of the personal information or its provision to others, it is difficult to define the responsibility of the two interacting parties. Therefore, the application provides an information security interaction method.

It should be noted that the information security interaction method and apparatus provided by the present application may be used in the financial field, and may also be used in any field other than the financial field.

In an embodiment, referring to fig. 1, in order to perform security information query according to an information query request and an information query request credential sent by a query requester, an information security interaction method provided in the present application includes:

S101: performing primary information query according to a first information query request sent by a query requester, and generating an information query request number;

It is understood that when the query requester needs to obtain client personal information stored at the provider of the information query service, it may initiate an information query request to that provider. For security, the application provides a method for the secure interaction of customer personal information based on query authorization. The information query requester and the information query service provider can securely complete the exchange of the client's personal information in a "two-way handshake" manner. During the interaction, conventional encryption and digital signature techniques can be applied to the client's personal information in advance, ensuring its integrity and security.

It should be noted that in the first handshake of the "two-way handshake", the query requester needs to send a first information query request to the provider of the information query service, so that the provider of the information query service performs a first information query according to the first information query request, and generates an information query request number. The first information query request includes at least: the information query condition and the address of the first query request server, which is not limited in this application. The information query condition may include, but is not limited to, a customer name, a customer identification number, a query selection time period, and the like. In one embodiment, the information query request number may be a combination of the time when the request occurs and the client identification number, such as 202108011107, but the application is not limited thereto. The information inquiry request number is only used for identifying the information inquiry request.

In one embodiment, the information query request number can be generated with a snowflake algorithm: the time when the request occurs, the client identity card number and an auto-increment sequence taken from a database are used as input parameters, and the snowflake algorithm generates a globally unique information query request number.

The first query request server address can be used for comparing with a second query request server address sent by a query requester in the second handshake, so as to confirm that the two handshakes originate from the same query requester, thereby further ensuring the security of information interaction.

That is, step S101 can be understood as the process in which the two parties perform the first handshake. In this process, the provider of the information query service completes the primary information query and generates a specific information query request number for the corresponding first information query request, so that the number serves as the basis for mutual recognition between the two parties. The primary information query result is not sent to the query requester at this time; it is stored at the provider of the information query service and is sent to the query requester only after the second handshake succeeds, completing the secure information interaction.

It should be noted that the primary information query result may be the final information query result required by the query requester, or may be the SQL query statement corresponding to the final information query result. In some cases the final information query result is a detailed result with a large data volume, and storing it during the primary information query would consume a large amount of storage space; in that case, only the SQL query statement corresponding to the final information query result may be stored as the primary information query result.

S102: sending an information query request number to a query requester so that the query requester generates an information query request credential according to the information query request number;

It can be understood that, as described above, the information query request number is a specific number generated by the provider of the information query service for this information query. After the provider sends the information query request number to the query requester, the query requester can use the number as a basis for identity authentication in the subsequent information interaction. Specifically, the information query request credential is generated based on the information query request number. The significance of the credential is that it lets the provider of the information query service learn the identity of the query requester that holds it; furthermore, the credential may also contain personal digital signature information of the client whom the query requester wants to query. The personal digital signature information indicates that the query requester and its client both agree to the query requester performing this information query, and agree to the provider of the information query service providing the client's personal information to the query requester. Retaining the information query request credential provides a legal basis for any later dispute over disclosure of the client's personal information.

The information query request credential may take a form agreed in advance by the two interacting parties; for example, it may include an authorization code, an authorization letter, an authorization picture and the like, and it is required to include the information query request number. The validity of the authorization is judged according to this information. During the interaction, the information query request credential is provided by the query requester, and its validity is determined by the provider of the information query service. This achieves traceable management of how the client's personal information is exchanged, limits the scope of use of that information, and strictly controls its uses and recipients. In an embodiment, the information query request number and the authorization code may be combined according to a certain rule into a two-dimensional code that serves as the information query request credential.

For example, the information query request number and the authorization code are input into a public Create QRCode for generating the two-dimensional code, and a two-dimensional code can be generated according to a binary digital coding rule.

S103: performing secondary information query according to the second information query request and the information query request credential sent by the query requester, and sending the secondary information query result to the query requester.

It will be appreciated that this step embodies the second handshake procedure of the method described herein. After the information interaction parties complete the first handshake, the provider of the information query service can perform secondary information query according to the second information query request and the information query request certificate sent by the query requester, and send the secondary information query result to the query requester.

The second information query request includes at least the information query request number, the query expiration time, the second query request server address and the information query condition. The information query request number is the unique number of this information query; with it, the provider of the information query service can find the primary information query result that was queried in advance in step S101 and stored on the provider's side. Once that result is found, the provider can send the primary information query result to the query requester as the secondary information query result, which completes the secure information interaction.

From the above description, the information security interaction method provided by the present application provides the information query service to the query requester by means of a "two-way handshake". By having an information query request credential generated during the query, it can securely verify the validity of the query requester's information query request and manage that validity traceably; it also controls the scope of use of the client's personal information at the level of the two-party interaction, safeguards the client's personal information online, and effectively prevents its leakage.

In order to express the characteristics and advantages of the method more clearly, the implementation flow is described below in further detail, taking as an example a government platform initiating a personal payroll disbursement detail query to a bank (the provider of the information query service). In this business scenario, the bank, as the provider of the information query service, provides a secure information query service to the government platform, which is the query requester.

In an embodiment, referring to fig. 2, the first information query request includes an information query condition and a first query request server address, and performing the primary information query according to the first information query request sent by the query requester and generating an information query request number includes:

S201: generating an information query request number according to the information query condition and the first query request server address;

S202: performing primary information query according to the information query condition, and generating a primary information query result;

S203: associating and storing the information query request number and the primary information query result.

It can be understood that steps S201 to S203 constitute the first handshake in the method described in the present application. The specific flow is as follows (see also fig. 12):

First, the government platform initiates a first query request to the bank over a private line and sends the information query conditions to the bank. In the payroll disbursement detail query scenario, the query conditions may be the client name, the client ID card number, the time period selected for the query, and the like; the government platform also needs to upload the IP address of the server (acquireIp) that will retrieve the final information query result.

Second, after receiving the first query request, the bank generates a unique number (applyId) corresponding to it, namely the information query request number, and generates from the information query conditions a database query SQL statement (querySql) for the client's payroll disbursement details. For example, the information query request number is the combination of the client ID card number and the IP address of the first query request server. The pseudo-code of the SQL statement that queries the payroll disbursement detail data may be expressed as: select account number, account name, payroll posting date, posting time, posting amount, summary from bank payroll disbursement detail table where customer ID card number = ID card number uploaded by the querying party and account name = customer name uploaded by the querying party and posting time between start date and end date uploaded by the querying party. The present application is not limited thereto.

Third, the bank stores the information query request number (applyId), the server IP address (acquireIp) sent by the government platform, the application receiving time, the query expiration time, the database query SQL statement (querySql) and similar information in the background client information query application table. The query expiration time can be agreed by the two interacting parties in advance. In this scenario, the government platform may perform several personal payroll disbursement detail queries within a short time in the related business, so the bank has agreed with the government platform that a query request expires 30 minutes after it is received.

Fourth, the bank returns the information query request number (applyId) to the government platform.

Fifth, the government platform receives the information query request number (applyId) returned by the bank and registers it. At this point, the two parties have completed the first handshake.

In one embodiment, the intermediate data generated in the above process may be stored in a "client information query application table" (which may be the primary information query result), for example:

The "client information query application table" can be read by the subsequent second handshake to obtain the necessary information.

As can be seen from the above description, the information security interaction method provided by the present application can perform a first information query according to a first information query request sent by a query requester, and generate an information query request number.
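The first handshake described above (S201-S203), in the flow where the bank registers querySql, as an added Python sketch rather than the patent's code. Assumptions: an in-memory SQLite database with illustrative table and column names, a random applyId instead of the ID-number-plus-IP combination the page gives as an example (so the number is not guessable and carries no personal data), and query values bound as parameters instead of being written into the statement text.

```python
import json
import secrets
import sqlite3
from datetime import datetime, timedelta

QUERY_TTL = timedelta(minutes=30)  # expiry agreed in the page's scenario

# The statement text is fixed; requester-supplied values are stored separately
# and bound as parameters, so they can never change the shape of the query.
QUERY_SQL = ("SELECT accno, accname, busidate, amount, msgsummary "
             "FROM payroll_detail "
             "WHERE identityid = ? AND accname = ? AND busidate BETWEEN ? AND ?")


def open_demo_db():
    """In-memory database holding constructed rows (all values are made up)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE payroll_detail (accno TEXT, accname TEXT, identityid TEXT,
                                     busidate TEXT, amount REAL, msgsummary TEXT);
        CREATE TABLE query_application (applyId TEXT PRIMARY KEY, acquireIp TEXT,
                                        receiveTime TEXT, failTime TEXT,
                                        querySql TEXT, queryParams TEXT, result TEXT);
    """)
    conn.executemany("INSERT INTO payroll_detail VALUES (?,?,?,?,?,?)", [
        ("6222-0001", "Zhang San", "ID-0001", "2021-03-15", 8000.0, "March salary"),
        ("6222-0001", "Zhang San", "ID-0001", "2021-04-15", 8200.0, "April salary"),
        ("6222-0002", "Li Si", "ID-0002", "2021-03-15", 9100.0, "March salary"),
    ])
    return conn


def first_handshake(conn, cond, acquire_ip, now):
    """S201-S203: create applyId and register it with the query and its expiry."""
    apply_id = secrets.token_urlsafe(16)  # assumption: random, not derived from the ID number
    params = [cond["id_no"], cond["name"], cond["start"], cond["end"]]
    conn.execute(
        "INSERT INTO query_application VALUES (?,?,?,?,?,?,NULL)",
        (apply_id, acquire_ip, now.isoformat(), (now + QUERY_TTL).isoformat(),
         QUERY_SQL, json.dumps(params)))
    return apply_id


def run_registered_query(conn, apply_id):
    """Second handshake, after validation: execute the registered statement."""
    row = conn.execute("SELECT querySql, queryParams FROM query_application "
                       "WHERE applyId = ?", (apply_id,)).fetchone()
    if row is None:
        raise KeyError("unknown applyId")
    rows = conn.execute(row[0], json.loads(row[1])).fetchall()
    conn.execute("UPDATE query_application SET result = 'success' WHERE applyId = ?",
                 (apply_id,))
    return rows


if __name__ == "__main__":
    db = open_demo_db()
    cond = {"id_no": "ID-0001", "name": "Zhang San",
            "start": "2021-03-01", "end": "2021-03-31"}
    number = first_handshake(db, cond, "203.0.113.10", datetime(2021, 8, 27, 9, 0))
    print(number, run_registered_query(db, number))
```

Because the values are bound rather than concatenated, a name containing quote characters is compared as literal text and simply matches no row.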

In an embodiment, performing the second information query according to the second information query request sent by the query requester and the information query request credential includes:

determining whether the second information query request and the information query request credential meet the preset information query request conditions.

It can be understood that before the secondary information query, it is necessary to determine whether the second information query request and the information query request credential satisfy the preset information query request conditions, that is, to perform a validity check; if the validity check passes, the provider of the information query service can perform the secondary information query. The detailed flow is described in steps S301 to S304.

As can be seen from the above description, the information security interaction method provided by the present application can perform secondary information query according to the second information query request sent by the query requester and the information query request credential.

In an embodiment, referring to fig. 3, determining whether the second information query request and the information query request credential satisfy the preset information query request conditions includes:

S301: determining whether the current system time exceeds the query expiration time;

S302: if not, determining whether the second query request server address is consistent with the first query request server address;

S303: if yes, determining whether the information query condition exceeds a preset legal range of information query conditions;

S304: if not, determining whether the information query request credential is valid.

It can be understood that steps S301 to S304 constitute the second handshake in the method described in the present application. The specific flow is as follows (see also fig. 13):

First, after the government platform has applied to query the client's personal payroll disbursement information with the first information query request, it generates an information query request credential in the credential style agreed by the two interacting parties and retains it. The credential indicates that the client knows and agrees that his or her personal information will be provided to the query requester for a given purpose. In this scenario, the credential is an authorization letter in which the individual (client) authorizes the government platform to query his or her payroll disbursement details, and it must be signed by the client.

Second, the government platform (query requester) initiates a query result acquisition request, namely the second information query request, to the bank (query service provider). It uploads the query request number (applyId), the information query request credential (authCode) for this query and the authorization time. The credential may be a BASE64-encoded picture, an accessible picture URL address, a string-type authorization code, and the like; in this scenario it is the URL address of the picture of the personal payroll detail query authorization letter.

The bank (query service provider) receives the request of the government platform (query requester), obtains the query request number (applyId), and uses it to read the information acquirer's server IP address (acquireIp), the query expiration time (failTime) and the database query SQL statement (querySql) from the client information query application table.

The bank (query service provider) compares the current system time with the query expiration time (failTime). If the system time is later than the expiration time, it returns a query failure result to the government platform, registers the failure result and the reason (the query timed out) in the client information query application table, and the second request interaction is finished.

If the query has not expired, the bank (query service provider) continues by obtaining the visitor's IP address, in order to avoid that the request. X-Real-IP is obtained from the Header; if X-Real-IP does not exist, X-Forwarded-For is used and split to obtain the first IP; and if it still does not exist, calling request.

The bank (query service provider) compares the visitor IP obtained in this way with the information acquirer's server IP address (acquireIp) read from the table. If they are not consistent, it returns a query failure result, registers the failure result and the reason (the query IP is not consistent) in the client information query application table, and the second request interaction is finished.

If the two IP addresses are consistent, the bank (query service provider) registers the information query request credential (authCode) sent by the government platform (query requester) in the client information query application table and, from the credential information, obtains the query authorization credential generated by the query requester. It then verifies the validity of the authorization credential according to the rule agreed by the two interacting parties. In this scenario, the bank registers the URL address of the picture of the personal payroll disbursement detail query authorization letter sent by the government platform in the client information query application table, accesses the URL address to obtain the picture, extracts the authorization content and the client's signature by OCR (optical character recognition), compares the authorization content with the authorization template and the signature with the client name, and considers the authorization credential valid if the comparison succeeds.

Otherwise, the bank returns a query failure result to the government platform (query requester), registers the failure result and the reason (the authorization credential is invalid) in the client information query application table, and the second request interaction is finished.

As can be seen from the above description, the information security interaction method provided by the present application can determine whether the second information query request and the information query request credential satisfy the preset information query request condition.
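The S301-S304 checks and the visitor-IP lookup described above, as an added Python sketch (not code from the patent). The trusted-proxy subnet, the HMAC-based string authCode standing in for the rule agreed by the two parties, the 366-day query window and all sample values are assumptions.

```python
import hashlib
import hmac
import ipaddress
from datetime import date, datetime, timedelta

# Constructed values; none of them come from the patent.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # assumed reverse-proxy subnet
SHARED_KEY = b"demo-key-agreed-out-of-band"              # assumed pre-shared key
MAX_WINDOW_DAYS = 366                                     # assumed legal range for S303

# Constructed application-table row, as left behind by the first handshake.
RECEIVED = datetime(2021, 8, 27, 9, 0)
RECORD = {"applyId": "A-0001", "acquireIp": "203.0.113.10",
          "failTime": RECEIVED + timedelta(minutes=30)}


def resolve_client_ip(peer_ip, headers):
    """Visitor IP in the page's order: X-Real-IP, first X-Forwarded-For entry, socket peer.

    Both headers can be set by any client, so they are honoured only when the
    socket peer is one of our own proxies (a safeguard added in this sketch).
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)
    candidates = [headers.get("X-Real-IP", ""),
                  headers.get("X-Forwarded-For", "").split(",")[0]]
    for value in candidates:
        try:
            return str(ipaddress.ip_address(value.strip()))
        except ValueError:
            continue  # header missing or not an IP address: try the next source
    return str(peer)


def make_auth_code(apply_id):
    """Requester side: string-type credential that embeds the applyId."""
    tag = hmac.new(SHARED_KEY, apply_id.encode(), hashlib.sha256).hexdigest()
    return f"{apply_id}:{tag}"


def validate_second_request(record, request, peer_ip, headers, now):
    """Run S301-S304 in order; return (ok, reason), where reason is what gets registered."""
    # S301: has the current system time passed failTime?
    if now > record["failTime"]:
        return False, "query timed out"
    # S302: the second request must come from the acquireIp registered in the first one
    if resolve_client_ip(peer_ip, headers) != record["acquireIp"]:
        return False, "query IP inconsistent"
    # S303: the query condition must stay inside the preset range
    start, end = request["start"], request["end"]
    if end < start or (end - start).days > MAX_WINDOW_DAYS:
        return False, "query condition out of range"
    # S304: the credential must carry this applyId and verify under the agreed rule
    expected = make_auth_code(record["applyId"])
    if not hmac.compare_digest(expected.encode(), request["authCode"].encode()):
        return False, "authorization credential invalid"
    return True, "ok"


if __name__ == "__main__":
    req = {"start": date(2021, 1, 1), "end": date(2021, 6, 30),
           "authCode": make_auth_code("A-0001")}
    via_proxy = {"X-Real-IP": "203.0.113.10"}
    print(validate_second_request(RECORD, req, "10.0.0.5", via_proxy,
                                  RECEIVED + timedelta(minutes=10)))
```

A request that reaches the service directly is judged by its socket address, so a forwarding header it supplies itself cannot satisfy the S302 comparison.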

In an embodiment, referring to fig. 4, the second information query request includes the information query request number, and the performing a second information query according to the second information query request sent by the query requester and the information query request credential, and sending a second information query result to the query requester includes:

S401: searching for the primary information query result according to the information query request number;

S402: sending the primary information query result to the query requester as the secondary information query result.

It can be understood that if the bank (query service provider) determines that the authorization credential is valid, it executes the database query SQL statement (querySql) registered in the table, which retrieves the individual's payroll disbursement details for the specified time period by name and ID card number, and returns the detail result to the government platform (query requester) as the secondary information query result. It also registers a query success result in the client information query application table. The query requester thereby obtains the query result, and the second request interaction is finished.

As can be seen from the above description, the information security interaction method provided by the present application can perform secondary information query according to the second information query request sent by the query requester and the information query request credential, and send a secondary information query result to the query requester.

In an embodiment, referring to fig. 5, the second information query request includes the information query request number, and the performing a second information query according to the second information query request sent by the query requester and the information query request credential, and sending a second information query result to the query requester includes:

S501: searching for the primary information query result according to the information query request number;

S502: performing secondary information query according to the primary information query result to obtain a secondary information query result;

S503: sending the secondary information query result to the query requester.

It is understood that steps S501 to S503 are another embodiment corresponding to steps S401 to S402. In the embodiments of step S501 to step S503, the initial information query result is not the final information query result, but is only the sql statement corresponding to the final information query result, for example:

    SELECT
        DEPZONE            -- agent area number
      , SEQ NO             -- batch number
      , Send/transfer date
      , STATUS             -- processing flag
      , ACCNO              -- account number
      , IDENTITYID         -- ID card number
      , BUSIDATE           -- posting date
      , AMOUNT             -- posting amount
      , ACCNAME            -- account name
      , CINO               -- client number
      , MSGSUMMARY         -- summary
      , MSGSUMMARYF
    FROM BDPVIEWX.DCM_BAS_PFHRSAGH_S
    WHERE
        IDENTITYID = 'customer ID card number sent by the querying party' and
        ACCNAME = 'customer name sent by the querying party' and
        BUSIDATE between 'start query date' and 'end query date'

In this embodiment, if the bank (query service provider) determines that the authorization credential is valid, it executes the database query SQL statement (querySql) registered in the table, that is, the primary information query result, which retrieves the individual's payroll disbursement details for the specified time period by name and ID card number, and returns the queried details to the government platform (query requester) as the secondary information query result. It also registers a query success result in the client information query application table. The query requester thereby obtains the query result, and the second request interaction is finished.

As can be seen from the above description, the information security interaction method provided by the present application can perform secondary information query according to the second information query request sent by the query requester and the information query request credential, and send a secondary information query result to the query requester.

Based on the same inventive concept, the embodiment of the present application further provides an information security interaction apparatus, which can be used to implement the methods described in the above embodiments, as described in the following embodiments. Because the principle of the information security interaction device for solving the problems is similar to that of the information security interaction method, the implementation of the information security interaction device can refer to the implementation of the software performance reference determination method, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.

In an embodiment, referring to fig. 6, in order to perform security information query according to an information query request and an information query request credential sent by a query requester, the present application provides an information security interaction apparatus, including:

a request number generating unit 501, configured to perform a first information query according to a first information query request sent by a query requester, and generate an information query request number;

a request credential generating unit 502, configured to send the information query request number to the query requester, so that the query requester generates an information query request credential according to the information query request number;

the information query unit 503 is configured to perform secondary information query according to the second information query request sent by the query requester and the information query request credential, and send a secondary information query result to the query requester.

In an embodiment, referring to fig. 7, the first information query request includes an information query condition and a first query request server address, and the request number generating unit 501 includes:

a request number generation module 601, configured to generate the information query request number according to the information query condition and the first query request server address;

a primary information query result generation module 602, configured to perform a primary information query according to the information query condition, and generate a primary information query result;

and the associating module 603 is configured to associate and store the information query request number and the primary information query result.

In an embodiment, the information security interaction apparatus further includes:

a query request condition judging unit, configured to determine whether the second information query request and the information query request credential meet the preset information query request conditions.

In an embodiment, referring to fig. 8, the second information query request includes a query expiration time, a second query request server address, and the information query condition, and the information query unit 503 includes:

an expiration time determining module 701, configured to determine whether the current system time exceeds the query expiration time;

an address determination module 702, configured to determine whether the second query request server address is consistent with the first query request server address;

a query condition validity determining module 703, configured to determine whether the information query condition exceeds a preset information query condition validity range;

a request credential validity determining module 704, configured to determine whether the information query request credential is valid.

In an embodiment, referring to fig. 9, the second information query request includes the information query request number, and the information query unit 503 includes:

a searching module 801, configured to search the primary information query result according to the information query request number;

a sending module 802, configured to send the primary information query result as the secondary information query result to the query requester.

In an embodiment, referring to fig. 10, the second information query request includes the information query request number, and the information query unit 503 includes:

a searching module 901, configured to search the primary information query result according to the information query request number;

the query module 902 is configured to perform secondary information query according to the primary information query result to obtain a secondary information query result;

a sending module 903, configured to send the primary information query result as the secondary information query result to the query requester.

In order to perform security information query according to an information query request and an information query request credential sent by a query requester, an embodiment of an electronic device for implementing all or part of contents in the information security interaction method is provided in the present application, where the electronic device specifically includes the following contents:

a Processor (Processor), a Memory (Memory), a communication Interface (Communications Interface) and a bus; the processor, the memory and the communication interface complete mutual communication through the bus; the communication interface is used for realizing information transmission between the information security interaction device and relevant equipment such as a core service system, a user terminal, a relevant database and the like; the logic controller may be a desktop computer, a tablet computer, a mobile terminal, and the like, but the embodiment is not limited thereto. In this embodiment, the logic controller may be implemented with reference to the embodiment of the information security interaction method and the embodiment of the information security interaction apparatus in the embodiment, and the contents thereof are incorporated herein, and repeated descriptions are omitted.

It is understood that the user terminal may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), an in-vehicle device, a smart wearable device, and the like. The smart wearable device may include smart glasses, a smart watch, a smart bracelet, and the like.

In practical applications, part of the information security interaction method may be executed on the electronic device side as described in the above, or all operations may be completed in the client device. The selection may be specifically performed according to the processing capability of the client device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. The client device may further include a processor if all operations are performed in the client device.

The client device may have a communication module (i.e., a communication unit), and may be in communication connection with a remote server to implement data transmission with the server. The server may include a server on the side of the task scheduling center, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.

Fig. 11 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 11, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this FIG. 11 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.

In one embodiment, the information security interaction method function may be integrated into the central processor 9100. The central processor 9100 may be configured to control as follows:

S101: performing primary information query according to a first information query request sent by a query requester, and generating an information query request number;

S102: sending the information query request number to the query requester so that the query requester generates an information query request credential according to the information query request number;

S103: performing secondary information query according to the second information query request and the information query request credential sent by the query requester, and sending the secondary information query result to the query requester.

In another embodiment, the information security interaction device may be configured separately from the central processing unit 9100, for example, the information security interaction device may be configured as a chip connected to the central processing unit 9100, and the function of the information security interaction method may be implemented by the control of the central processing unit.

As shown in fig. 11, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 11; in addition, the electronic device 9600 may further include components not shown in fig. 11, which may be referred to in the prior art.

As shown in fig. 11, a central processor 9100, sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, which central processor 9100 receives input and controls the operation of the various components of the electronic device 9600.

The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information relating to the failure may be stored, and a program for executing the information may be stored. And the central processing unit 9100 can execute the program stored in the memory 9140 to realize information storage or processing, or the like.

The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.

The memory 9140 can be a solid state memory, e.g., Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. Memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 being used for storing application programs and function programs or for executing a flow of operations of the electronic device 9600 by the central processor 9100.

The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).

The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.

Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless lan module, may be disposed in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.

An embodiment of the present application further provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements all the steps of the information security interaction method of the foregoing embodiments, whose execution subject is the server or the client. For example, when the processor executes the computer program, it implements the following steps:

S101: performing primary information query according to a first information query request sent by a query requester, and generating an information query request number;

S102: sending the information query request number to the query requester so that the query requester generates an information query request certificate according to the information query request number;

S103: performing secondary information query according to a second information query request sent by the query requester and the information query request certificate, and sending a secondary information query result to the query requester.

As can be seen from the above description, the information security interaction method provided by the present application provides the information query service to the query requester in a "two-way handshake" manner. By generating an information query request credential during the information query process, it can securely verify the validity of the information query request made by the query requester, makes the validity of each information query request traceable, controls the scope of use of the client's personal information at the level of the interaction between the two parties, ensures the security of the client's personal information online, and effectively prevents leakage of the client's personal information.
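The S101 to S103 exchange above, sketched from both sides as an added example (not code from the patent). The text here does not say how the credential is derived, so the HMAC-SHA256 over the request number with a pre-shared key, the 300-second validity window, the single-use rule, and all names (`QueryServer`, `make_credential`) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 300  # assumed validity window for a request number


def make_credential(key: bytes, number: str) -> str:
    """Requester side of S102 (assumed derivation): HMAC over the number."""
    return hmac.new(key, number.encode(), hashlib.sha256).hexdigest()


class QueryServer:
    def __init__(self, key, records):
        self.key = key            # assumption: key shared out of band
        self.records = records    # constructed sample data
        self.pending = {}         # request number -> (subject, issued_at)
        self.audit = []           # trace of every decision

    def first_query(self, subject, now=None):
        """S101/S102: primary query, then issue a request number."""
        if subject not in self.records:
            self.audit.append(("first", subject, "no-record"))
            return None
        number = secrets.token_hex(16)
        self.pending[number] = (subject, time.time() if now is None else now)
        self.audit.append(("first", number, "issued"))
        return number

    def second_query(self, number, credential, now=None):
        """S103: release data only for a fresh, unused, valid credential."""
        now = time.time() if now is None else now
        entry = self.pending.pop(number, None)  # consumed on first use
        if entry is None:
            return self._deny(number, "unknown-or-replayed")
        subject, issued_at = entry
        if now - issued_at > TTL_SECONDS:
            return self._deny(number, "expired")
        expected = make_credential(self.key, number)
        if not hmac.compare_digest(expected.encode(), credential.encode()):
            return self._deny(number, "bad-credential")
        self.audit.append(("second", number, "granted"))
        return self.records[subject]

    def _deny(self, number, reason):
        self.audit.append(("second", number, reason))
        return None
```

The `audit` list is what gives the traceability the paragraph above refers to: every issued number and every grant or denial of a second query leaves a record.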

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Specific embodiments are used herein to explain the principle and implementation of the invention, and the description of the embodiments is intended only to help in understanding the method and core idea of the invention. Meanwhile, a person skilled in the art may, following the idea of the invention, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.
